Abstracting massive data for lightweight intrusion detection in computer networks

Handle URI:
http://hdl.handle.net/10754/622270
Title:
Abstracting massive data for lightweight intrusion detection in computer networks
Authors:
Wang, Wei; Liu, Jiqiang; Pitsilis, Georgios; Zhang, Xiangliang (ORCID 0000-0002-3574-5665)
Abstract:
Anomaly intrusion detection in big data environments calls for lightweight models that are able to achieve real-time performance during detection. Abstracting audit data provides a solution to improve the efficiency of data processing in intrusion detection. Data abstraction refers to abstracting or extracting the most relevant information from the massive dataset. In this work, we propose three strategies of data abstraction, namely, exemplar extraction, attribute selection and attribute abstraction. We first propose an effective method called exemplar extraction to extract representative subsets from the original massive data prior to building the detection models. Two clustering algorithms, Affinity Propagation (AP) and traditional k-means, are employed to find the exemplars from the audit data. k-Nearest Neighbor (k-NN), Principal Component Analysis (PCA) and one-class Support Vector Machine (SVM) are used for the detection. We then employ another two strategies, attribute selection and attribute extraction, to abstract audit data for anomaly intrusion detection. Two HTTP streams collected from a real computing environment as well as the KDD'99 benchmark data set are used to validate these three strategies of data abstraction. The comprehensive experimental results show that while all three strategies improve the detection efficiency, the AP-based exemplar extraction achieves the best performance of data abstraction.
KAUST Department:
Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division
Citation:
Wang W, Liu J, Pitsilis G, Zhang X (2016) Abstracting massive data for lightweight intrusion detection in computer networks. Information Sciences. Available: http://dx.doi.org/10.1016/j.ins.2016.10.023.
Publisher:
Elsevier BV
Journal:
Information Sciences
Issue Date:
15-Oct-2016
DOI:
10.1016/j.ins.2016.10.023
Type:
Article
ISSN:
0020-0255
Sponsors:
Ministry of Education of the People's Republic of China[K14C300020]
Appears in Collections:
Articles; Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division

Full metadata record

DC Field: Value [Language]
dc.contributor.author: Wang, Wei [en]
dc.contributor.author: Liu, Jiqiang [en]
dc.contributor.author: Pitsilis, Georgios [en]
dc.contributor.author: Zhang, Xiangliang [en]
dc.date.accessioned: 2017-01-02T09:08:23Z
dc.date.available: 2017-01-02T09:08:23Z
dc.date.issued: 2016-10-15 [en]
dc.identifier.citation: Wang W, Liu J, Pitsilis G, Zhang X (2016) Abstracting massive data for lightweight intrusion detection in computer networks. Information Sciences. Available: http://dx.doi.org/10.1016/j.ins.2016.10.023. [en]
dc.identifier.issn: 0020-0255 [en]
dc.identifier.doi: 10.1016/j.ins.2016.10.023 [en]
dc.identifier.uri: http://hdl.handle.net/10754/622270
dc.description.abstract: Anomaly intrusion detection in big data environments calls for lightweight models that are able to achieve real-time performance during detection. Abstracting audit data provides a solution to improve the efficiency of data processing in intrusion detection. Data abstraction refers to abstracting or extracting the most relevant information from the massive dataset. In this work, we propose three strategies of data abstraction, namely, exemplar extraction, attribute selection and attribute abstraction. We first propose an effective method called exemplar extraction to extract representative subsets from the original massive data prior to building the detection models. Two clustering algorithms, Affinity Propagation (AP) and traditional k-means, are employed to find the exemplars from the audit data. k-Nearest Neighbor (k-NN), Principal Component Analysis (PCA) and one-class Support Vector Machine (SVM) are used for the detection. We then employ another two strategies, attribute selection and attribute extraction, to abstract audit data for anomaly intrusion detection. Two HTTP streams collected from a real computing environment as well as the KDD'99 benchmark data set are used to validate these three strategies of data abstraction. The comprehensive experimental results show that while all three strategies improve the detection efficiency, the AP-based exemplar extraction achieves the best performance of data abstraction. [en]
dc.description.sponsorship: Ministry of Education of the People's Republic of China [K14C300020] [en]
dc.publisher: Elsevier BV [en]
dc.subject: Anomaly detection [en]
dc.subject: Computer security [en]
dc.subject: Data reduction [en]
dc.subject: Intrusion detection [en]
dc.title: Abstracting massive data for lightweight intrusion detection in computer networks [en]
dc.type: Article [en]
dc.contributor.department: Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division [en]
dc.identifier.journal: Information Sciences [en]
dc.contributor.institution: School of Computer and Information Technology, Beijing Jiaotong University, No. 3 Shangyuancun, Beijing, 100044, China [en]
dc.contributor.institution: Computer Science Research, Athens, Greece [en]
kaust.author: Zhang, Xiangliang [en]